Incoherent rant.
I’ve, once again, noticed Amazon and Anthropic absolutely hammering my Lemmy instance to the point of the lemmy-ui container crashing. Multiple IPs all over the US.
So I’ve decided to do some restructuring of how I run things. Ditched Fedora on my VPS in favour of Alpine, just to start with a clean slate. And started looking into different options on how to combat things better.
Behold, Anubis.
“Weighs the soul of incoming HTTP requests to stop AI crawlers”
From how I understand it, it works like a reverse proxy per each service. It took me a while to actually understand how it’s supposed to integrate, but once I figured it out all bot activity instantly stopped. Not a single one got through yet.
My setup is basically just a home server -> tailscale tunnel (not funnel) -> VPS -> caddy reverse proxy, now with anubis integrated.
I’m not really sure why I’m posting this, but I hope at least one other goober trying to find a possible solution to these things finds this post.
Edit: Further elaboration for those who care, since I realized that might be important.
- You don’t have to use caddy/nginx/whatever as your reverse proxy in the first place, it’s just how my setup works.
- My Anubis sits between my local server and inside Caddy reverse proxy docker compose stack. So when a request is made, Caddy redirects to Anubis from its Caddyfile and Anubis decides whether or not to forward the request to the service or stop it in its tracks.
- There are some minor issues, like it requiring javascript enabled, which might get a bit annoying for NoScript/Librewolf/whatever users, but considering most crawlbots don’t do js at all, I believe this is a great tradeoff.
- The most confusing part were the docs and understanding what it’s supposed to do in the first place.
- There’s an option to apply your own rules via json/yaml, but I haven’t figured out how to do that properly in docker yet. As in, there’s a main configuration file you can override, but there’s apparently also a way to add additional bots to block in separate files in a subdirectory. I’m sure I’ll figure that out eventually.
Edit 2 for those who care: Well crap, turns out lemmy-ui crashing wasn’t due to crawlbots, but something else entirely.
I’ve just spent maybe 14 hours troubleshooting this thing, since after a couple of minutes of running, lemmy-ui container healthcheck would show “unhealthy” and my instance couldn’t be accessed from anywhere (lemmy-ui, photon, jerboa, probably the api as well).
After some digging, I’ve disabled anubis to check if that had anything to do with it, it didn’t. But, I’ve also noticed my host ulimit -n was set to like 1000… (I’ve been on the same install for years and swear an update must have changed it)
After changing ulimit -n (nofile) and shm_size to 2G in docker compose, it hasn’t crashed yet. fingerscrossed
Boss, I’m tired and I want to get off Mr. Bones’ wild ride.
I’m very sorry for not being able to reply to you all, but it’s been hectic.
Cheers and I really hope someone finds this as useful as I did.
I’ve seen some people reject this solution due to the anime.
You don’t by chance use traefik with this? I’ve figured out how to use it with docker on the same device, but can’t figure out how to use it with external services.
Go_Away is another alternative
Anubis just released the no-JS challenge in a update. Page loads for me with JS disabled. https://anubis.techaro.lol/blog/release/v1.20.0/
The development of Anubis remains a matter of enthusiasm: Zee is funding the project through Patreon and sponsorship on GitHub, but cannot yet afford to pursue it on a full-time basis. He would also like to hire a key community member, budget permitting.
I’ve, once again, noticed Amazon and Anthropic absolutely hammering my Lemmy instance to the point of the lemmy-ui container crashing.
I’m just curious, how did you notice this in the first place? What are you monitoring to know and how do you present that information?
Besides that point: why tf do they even crawl lemmy. They could just as well create a “read only” instance with an account that subscribes to all communities … and the other instances would send their data. Oh, right, AI has to be as unethical as possible for most companies for some reason.
They crawl wikipedia too, and are adding significant extra load on their servers, even though Wikipedia has a regularly updated torrent to download all its content.
See your brain went immediately to a solution based on knowing how something works. That’s not in the AI wheelhouse.
They’re likely not intentionally crawling Lemmy. They’re probably just crawling all sites they can find.
Because the easiest solution for them is a simple web scraper. If they don’t give a shit about ethics, then something that just crawls every page it can find is loads easier for them to set up than a custom implementation to get torrent downloads for wikipedia, making lemmy/mastodon/pixelfed instances for the fediverse, using rss feeds and checking if they have full or only partial articles, implementing proper checks to prevent double (or more) downloading of the same content, etc.
Something that’s less annoying than Anubis is fail2ban tarpitting the scrapers by putting in a hidden honeypot page link that they follow, and adding the followers to fail2ban.
Wow, what a combo ! I guess this would reduce the tarpit’s overall power consumption?
I haven’t looked at your link yet and maybe it already contains my answer, but I wish to customize for how long they are traped into the tarpit before fail2ban kicks in so I can still poison their AI while saving alot of ressources !!
Edit:
block anything that visits it more, than X times with fail2ban
I guess this is it, but I’m not sure how that translates from nepenthese to fail2ban. Need further reading and testing !
Thanks for the link !
Been seeing this on people’s invidious instances
I’ve been planning on seeing this up for ages. Love the creators vibe. Thanks for this.
I don’t like Anubis because it requires me to enable JS – making me less secure. reddthat started using go-away recently as an alternative that doesn’t require JS when we were getting hammered by scrapers.
Fwiw Anubis is adding a nojs meta refresh challenge that if it doesn’t have issues will soon be the new default challenge
Won’t the bots just switch to using that instead of the heavier JS challenge?
They can, but it’s not trivial. The challenge uses a bunch of modern browser features that these scrapers don’t use, regarding metadata and compression and a few other things. Things that are annoying to implement and not worth the effort. Check the recent discussion on lobste.rs if you’re interested in the exact details.
Check the recent discussion on lobste.rs if you’re interested in the exact details.
For those coming from the future: https://lobste.rs/s/aa7ske/anubis_now_supports_non_js_challenges
Plus even if they were to implement those features, the challenges would still get increasingly harder the more bot-like a scraper behaves.
You can’t prevent scraping entirely but you can certainly prevent scraping that behaves like a DOS attack.
iirc there’s instructions on completing the anubis challenge manually
But don’t you know that Anubis is MALWARE?
…according to some of the clowns at the FSF, which is definitely one of the opinions to have. https://www.fsf.org/blogs/sysadmin/our-small-team-vs-millions-of-bots
tbh I kinda understand their viewpoint. Not saying I agree with it.
The Anubis JavaScript program’s calculations are the same kind of calculations done by crypto-currency mining programs. A program which does calculations that a user does not want done is a form of malware.
Ok but if it allows anubis to judge the soul of my bytes as being worthy of reaching a certain site I’m trying to access, then the program is not making any calculations that I don’t want it to.
Would the FSF prefer the challenge page wait for user interaction before starting that proof of work? Along with giving them user a “don’t ask again” checkbox for future challenges?
That’s guilt by association. Their viewpoint is awful.
I also wished there was no security at the gate of concerts, but I happily accept it if that means actual security (if done reasonably of course). And quite frankly, cute anime girl doing some math is so, so much better than those god damn freaking captchas. Or the service literally dying due to AI DDoS.
Edit: Forgot to mention, proof of work wasn’t invented by or for crypto currency or blockchain. The concept exists since the 90’s (as an idea for Email Spam prevention), making their argument completely nonsensical.
And quite frankly, cute anime girl doing some math is so, so much better than those god damn freaking captchas
One user complained that a random anime girl popping up is making his gf think he’s watching hentai. So the mascot should be changed to something “normal”.
Lol.
“My relationship is fragile and it’s the internets fault.”
Ah, hashcash. Wish that had taken off, it was a good idea …
TIL of hashcash
Requiring client to runs client side code, if tolerated, will lead to the extinction of pure http clients. That in turn will enable to drm the whole web. I rather see it all burn.
The FSF explanation of why they dislike Anubis could just as easily apply to the process of decrypting TLS/HTTPS. You know, something uncontroversial that every computer is expected to do when they want to communicate securely.
I don’t fundamentally see the difference between “The computer does math to ensure end-to-end privacy” and “The computer does math to mitigate DDoS attempts on the server”. Either way, without such protections the client/server relationship is lacking crucial fundamentals that many interactions depend on.
Right. One of the facets of cryptography is rounds: if you apply the same algorithm 10,000 times instead of just one, it might make it slightly slower each time you need to run it, but it makes it vastly slower for someone trying to brute-force your password.
I’ve made that exact comparison before. TLS uses encryption; ransomware also uses encryption; by their logic, serving web content through HTTPS with no way to bypass it is a form of malware. The same goes for injecting their donation banner using an iframe.
I am planning to try it out, but for caddy users I came up with a solution that works after being bombarded by AI crawlers for weeks.
It is a custom caddy CEL expression filter coupled with caddy-ratelimit and caddy-defender.
Now here’s the fun part, the defender plugin can produce garbage as response so when a matching AI crawler fits it will poison their training dataset.
Originally I only relied on the rate limiter and noticed that AI bots kept trying whenever the limit was reset. Once I introduced data poisoning they all stopped :)
git.blob42.xyz { @bot <<CEL header({'Accept-Language': 'zh-CN'}) || header_regexp('User-Agent', '(?i:(.*bot.*|.*crawler.*|.*meta.*|.*google.*|.*microsoft.*|.*spider.*))') CEL abort @bot defender garbage { ranges aws azurepubliccloud deepseek gcloud githubcopilot openai 47.0.0.0/8 } rate_limit { zone dynamic_botstop { match { method GET # to use with defender #header X-RateLimit-Apply true #not header LetMeThrough 1 } key {remote_ip} events 1500 window 30s #events 10 #window 1m } } reverse_proxy upstream.server:4242 handle_errors 429 { respond "429: Rate limit exceeded." } }If I am not mistaken the 47.0.0.0/8 ip block is for Alibaba cloud
If I am not mistaken the 47.0.0.0/8 ip block is for Alibaba cloud
That’s an ARIN block according to Wikipedia so North America, under Northen Telecom until 2010. It does look like Alibaba operate many networks under that
/8, but I very much doubt it’s the whole/8which would be worth a lot; a/16is apparently worth around $3-4M, so a/8can be extrapolated to be worth upwards of a billion dollars! I doubt they put all their eggs into that particular basket. So you’re probably matching a lot of innocent North American IPs with this.Right I must have just blanket banned the whole /8 to be sure alibaba cloud is included. Did some time ago so I forgot
When I blocked Alibaba, the AI crawlers immediately started coming from a different cloud provider (Huawei, I believe), and when I blocked that, it happened again. Eventually the crawlers started coming from North American and then European cloud providers.
Due to lack of time to change my setup to accommodate Anubis, I had to temporarily move my site behind Cloudflare (where it sadly still is).
We need a decentralized community owned cloudflare alternative. Anubis looks on good track.
It doesn’t stop bots
All it does is make clients do as much or more work than the server which makes it less temping to hammer the web.
Yeah, from what I understand it’s nothing crazy for any regular client, but really messes with the bots.
I don’t know, I’m just so glad and happy it works, it doesn’t mess with federation and it’s barely visible when accessing the sites.Personally my only real complaint is the lack of wasm. Outside if that it works fairly well.
Also your avatar and the image posted here (not the thumbnail) seem broken - I wonder if that’s due to Anubis?
Just updated the post again, yeah. But I think that was due to me changing nameservers for my domain at the time. Cheers.
